MATH 1020: Mathematics For Non-science
Chapter 3.2: Cryptography
Instructor: Dr. Ken Tsang
Room E409-R9
Email: kentsang@uic.edu.hk

Upload: melanie-todd

Post on 11-Jan-2016


Transmitting Information

– Binary codes
– Data compression
– Encoding with parity-check sums
– Cryptography
– Model the genetic code

Information Theory

[Diagram: a typical communication system, Shannon (1948). Information Source → Transmitter → Receiver → Destination, with a Noise Source; arrows labelled Message, Signal, Received Signal, Message. The slide also marks "Bad guys".]

Computer system security

Consider your bank account
– You want to be the only one able to withdraw money from your account.

Similar concerns in the computing resources:
– You want to be able to create, read and modify your files and let your co-worker Bob only read them.
– Safeguarding database contents, files, email messages etc.

Securing computer systems is a difficult problem
– Information system components including hardware, software, users and data are dynamic in nature, so the solution needs to be re-evaluated.

Secure communication

Many sensitive data are being transmitted through the network all the time
– You want to buy a book online and send the bookstore your credit card number… personal data
– Your father transfers money from his account to yours in a home banking session… personal data
– Bob wants to send secret messages to express his love to Jane… privacy
– The branch office of IBM in China sent a new business plan to its headquarters in the US… commercial secret
– The US Embassy in Beijing sent a cable back to Washington to report China’s latest political and economic developments… national secret

Who needs secure communication?

Before the computer age
– Governments
– Militaries
– Diplomats
– Secret societies

Now, everybody who uses the computer

Almost all modern telephone, internet, fax and satellite communications are exploitable due to recent advances in technology and the 'open air' nature of much of the radio communications around the world.

ECHELON: the big brother watching us

The vast international global eavesdropping network has existed since shortly after the Second World War, when the US, Britain, Canada, Australia and New Zealand signed a secret (UKUSA) agreement on signals intelligence, or "sigint".

The system, reportedly in development since 1947, has been revealed in a number of public sources, first in a New Statesman article titled Someone's Listening in 1988. Its capabilities and political implications were later investigated by a committee of the European Parliament, whose report was published in 2001.

ECHELON intercept station at Menwith Hill, England.

In the days of the cold war, ECHELON's primary purpose was to keep an eye on the U.S.S.R. In the wake of the fall of the U.S.S.R., ECHELON justifies its continued multi-billion dollar expense with the claim that it is being used to fight "terrorism", the catch-all phrase used to justify any and all abuses of civil rights.

The purpose of the UKUSA agreement was to create a single vast global intelligence organization sharing common goals and a common agenda, spying on the world and sharing the data. The entire global system is actually run by the US National Security Agency (NSA).

The National Security Agency (NSA)

The United States government's cryptologic organization responsible for the collection and analysis of foreign communications.

It coordinates, directs, and engages in activities to produce foreign signals intelligence information, using cryptanalysis and cryptographic technologies.

The struggle to keep communication secure

Throughout history, cryptographers and cryptanalysts struggled to out-wit each other to achieve/expose secure communication.

Enigma machine

As the German military strength grew in the late 1920s, it began looking for a better way to secure its communications. It found the answer in a new cryptographic machine called "Enigma." The Germans believed the encryption generated by the machine to be unbreakable. With a theoretical number of ciphering possibilities of 3 x 10**114, their belief was not unjustified.

The first computer: 'Bombe'?

During World War II, English mathematician Alan Turing designed the “Bombe”, a machine to find the passwords or 'keys' into the secret codes of 'Enigma', the famous encryption machine used by the German army in the field and to communicate to U-Boats in the Atlantic.

Between 1939 and 1945, the most advanced and creative forms of mathematical and technological knowledge were combined to master German communications. British cryptanalysts, Alan Turing at the forefront, changed the course of the Second World War and created the foundation for the modern computer. During World War II, Bletchley Park, a Victorian Gothic mansion, was the site of the United Kingdom's main decryption establishment.

Electronic machines were built out of readily available parts used for telephone switchgear. This move from mechanical to electronic methods in cryptography was probably the most significant result of the Bletchley Park codebreakers.

Alan M. Turing (1912-1954)

Alan Turing is often called the father of modern computers for two other reasons. Before the war he had the idea of a theoretical machine which could be programmed to solve any problem, just like our modern computers. Then, after the war he used the experience of working at Bletchley Park (top secret laboratory in England during war time) to help build some of the world's first computers in the UK.

Cryptography - a way to security

Cryptography is the study of secret (crypto-) writing (-graphy) developing algorithms which may be used to:
– conceal the context of some message from all except the sender and recipient (privacy or secrecy), and/or
– verify the correctness of a message to the recipient (authentication)

Friends and enemies: Alice, Bob, Trudy

Bob & Alice want to communicate “securely”
Trudy (intruder) may intercept, delete, add messages

[Diagram: Alice (data → secure sender) and Bob (secure receiver → data) joined by a channel carrying data and control messages; Trudy is shown on the channel.]

Basic terms of Cryptography

A message in its original form is plaintext.
The coded (transformed) information is ciphertext.
The process of producing ciphertext from plaintext is encryption (encode, encipher). The reverse of encryption is decryption (decode, decipher).
The art of creating ciphertext is Cryptography. The study of methods of decoding ciphertext back into plaintext without knowledge of the key is called code-breaking, or cryptanalysis.

How cryptography works

m: plaintext message
KA(m): ciphertext, encrypted with key KA
m = KB(KA(m))

[Diagram: plaintext → encryption algorithm (Alice’s encryption key KA) → ciphertext → decryption algorithm (Bob’s decryption key KB) → plaintext]

Types of Cryptography

Cryptography often uses keys:
– Algorithm is known to everyone
– Only “keys” are secret

Asymmetric/Public key cryptography
– Involves the use of two (1 secret & 1 public) keys

Symmetric/secret key cryptography
– Involves the use of one secret key

Symmetric & Asymmetric Cryptography

Symmetric: K(E) = K(D)
Asymmetric: K(E) != K(D)

Symmetric key cryptography

Symmetric key crypto: Bob and Alice share the same (symmetric) key: KS
e.g., key is knowing substitution pattern in mono-alphabetic substitution cipher
How do Bob and Alice agree on key value?

plaintext message: m
ciphertext: KS(m)
m = KS(KS(m))

[Diagram: plaintext → encryption algorithm (key KS) → ciphertext → decryption algorithm (key KS) → plaintext]

Secret key encryption

In Symmetric-Key encryption, each computer (for example two computers) has a secret key (code) that it can use to encrypt (encode) a packet of information.

As an example “shift by 2” with letters could be “A” becomes “C” and “B” becomes “D”.

Key distribution (so that A & B share the same key) can be problematic.

Kerckhoffs’ Principle - Key is the only secret

In any practical cipher system, it is often assumed that the interceptor will at some point find out the general system that is being used.

Security of the message resides in preventing the interceptor from finding out the message key, the specific details of exactly how the system was configured for sending that particular message.

[Figure: Conventional Cryptosystem Model]

Classical Cryptography

• Sender, receiver share common key
– Keys may be the same, or trivial to derive from one another
– symmetric cryptography
• Two basic types
– Transposition ciphers
– Substitution ciphers
– Combinations are called product ciphers

Transposition Cipher

• Rearrange letters in plaintext to produce ciphertext
• Example (Rail-Fence Cipher or 2-columnar transposition)
– Plaintext is HELLO WORLD
– HELLOWORLD
– Ciphertext is HLOOL ELWRD

• Generalize to n-columnar transpositions
• Example 3-columnar
– HELLOWORLDXX
– HLODEORXLWLX

Modern transposition ciphers take in N bits and permute them using a lookup table: called P-Boxes.

Attacking the Transposition Cipher

• Anagramming (rearranging the letters of a word/phrase to produce a new word/phrase)
– If 1-gram frequencies match English frequencies, but other n-gram frequencies do not, probably transposition
– Rearrange letters to form n-grams with highest frequencies

Di-gram frequencies

Pairs of letters in English (referred to as digrams) have their characteristic frequencies. Some of the most common in English are given in the following table. Meaker’s tables, and those of Pratt and Fraprie, are taken from Gaines.

One can also analyze trigrams, or longer sequences. Among the most common trigrams in English are THE, ING, THA, AND, ION.

Example: Transposition Cipher

• Ciphertext: HLOOLELWRD
• Frequencies of 2-grams beginning with H (generally in English)
• Examine frequencies of H-{letters in ciphertext}
– HE 0.0305
– HO 0.0043
– HL, HW, HR, HD < 0.0010
• Frequencies of 2-grams ending in H (again, generally in English)
• Examine frequencies of {letters in ciphertext}-H
– WH 0.0026
– EH, LH, OH, RH, DH ≤ 0.0002
• Implies it likely that E follows H in plaintext

Example

• Arrange so the H and E are adjacent

HE
LL
OW
OR
LD

• Read off across, then down, to get original plaintext
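The transposition slides and the digram attack above can be run end to end. The following is an added example, not code from the original slides; it uses only the three digram figures quoted on the slide (HE, HO, WH) and treats every other pair as 0, which is an assumption made to keep it self-contained.

```python
# Added example (not from the slides): n-columnar transposition and the
# digram test used to pick the column count.
# Digram frequencies quoted on the slide; all other pairs are scored 0 here.
DIGRAM_FREQ = {"HE": 0.0305, "HO": 0.0043, "WH": 0.0026}


def encrypt(plaintext: str, columns: int, pad: str = "X") -> str:
    """Write the letters in rows of `columns`, then read down each column."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    while len(letters) % columns:
        letters.append(pad)          # pad the last row, as in HELLOWORLDXX
    return "".join("".join(letters[col::columns]) for col in range(columns))


def decrypt(ciphertext: str, columns: int) -> str:
    """Inverse of encrypt(); the length must be a multiple of `columns`."""
    letters = [c for c in ciphertext.upper() if c.isalpha()]
    if len(letters) % columns:
        raise ValueError("length is not a multiple of the column count")
    rows = len(letters) // columns
    # Column k of the grid is the k-th run of `rows` ciphertext letters.
    grid = [letters[k * rows:(k + 1) * rows] for k in range(columns)]
    # Read across each row, then move down to the next row.
    return "".join(grid[c][r] for r in range(rows) for c in range(columns))


def digram_score(text: str) -> float:
    """Sum of the known digram frequencies over all adjacent letter pairs."""
    return sum(DIGRAM_FREQ.get(text[i:i + 2], 0.0) for i in range(len(text) - 1))


def rank_column_counts(ciphertext: str):
    """Try every column count that divides the length; best digram score first."""
    letters = "".join(c for c in ciphertext.upper() if c.isalpha())
    results = []
    for n in range(1, len(letters) + 1):
        if len(letters) % n == 0:
            candidate = decrypt(letters, n)
            results.append((digram_score(candidate), n, candidate))
    return sorted(results, key=lambda t: (-t[0], t[1]))


if __name__ == "__main__":
    print(encrypt("HELLO WORLD", 2))
    print(encrypt("HELLOWORLD", 3))
    for score, n, text in rank_column_counts("HLOOLELWRD"):
        print(f"{n:2d} columns  score={score:.4f}  {text}")
```

Only the 2-column reading puts E directly after H, so it scores highest; the 5-column reading produces HO and comes second.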

Substitution cipher

substituting one character for another
– Mono-alphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

E.g.:
Plaintext:  bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc

Key: the mapping from the set of 26 letters to the set of 26 letters
Total number of possible substitutions: 26!

Cæsar Ciphers

Cæsar cipher (simplest substitution cipher):

ABCDEFGHIJKLMNOPQRSTUVWXYZ
GHIJKLMNOPQRSTUVWXYZABCDEF

• Example (Cæsar cipher)
– Plaintext is HELLO WORLD
– Change each letter to the third letter following it (X goes to A, Y to B, Z to C)
• Key is 3, usually written as letter ‘D’
– Ciphertext is KHOOR ZRUOG

Attacking the Cæsar Cipher

• Exhaustive search
– If the key space is small enough, try all possible keys until you find the right one
– Cæsar cipher has 26 possible keys
• Statistical analysis
– Compare to 1-gram model of English

[Figure: Relative Frequency of Letters in English Text]

English alphabet Frequencies

char idx p        char idx p        char idx p        char idx p
a    0   0.080    h    7   0.060    n    13  0.070    t    19  0.090
b    1   0.015    i    8   0.065    o    14  0.080    u    20  0.030
c    2   0.030    j    9   0.005    p    15  0.020    v    21  0.010
d    3   0.040    k    10  0.005    q    16  0.002    w    22  0.015
e    4   0.130    l    11  0.035    r    17  0.065    x    23  0.005
f    5   0.020    m    12  0.030    s    18  0.060    y    24  0.020
g    6   0.015                                        z    25  0.002

Frequency Statistics of Language

In addition to the frequency info of single letters, the frequency info of two-letter (digram) or three-letter (trigram) combinations can be used for the cryptanalysis

Most frequent digrams
– TH, HE, IN, ER, AN, RE, ED, ON, ES, ST, EN, AT, TO, NT, HA, ND, OU, EA, NG, AS, OR, TI, IS, ET, IT, AR, TE, SE, HI, OF

Most frequent trigrams
– THE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR, DTH

Cæsar’s weakness

• Key is too short
– Can be found by exhaustive search
– Statistical frequencies not concealed well
• They look too much like regular English letters
• Improve the substitution permutation
– Increase number of mapping options from 26
– Modern substitution ciphers take in N bits and substitute N bits using lookup table: called S-Boxes

Vigenère Cipher

In 1562, Blaise de Vigenère invented a cipher in which a different Caesar shift is applied to each letter of the plaintext.

Example
– Message THE BOY HAS THE BALL
– Key VIG
– Encipher using Cæsar cipher for each letter:

key    VIGVIGVIGVIGVIGV
plain  THEBOYHASTHEBALL
cipher OPKWWECIYOPKWIRG

[Figure: Vigenère Square]

Useful Terms for Vigenère Cipher

• period: length of key
– In earlier example, period is 3
• Poly-alphabetic: the key has several different letters
– Unlike Cæsar cipher, which is mono-alphabetic

Attacking the Vigenère Cipher

• Approach
– Establish period; call it n
– Break message into n parts, each part being enciphered using the same key letter, e.g., a Cæsar cipher
– Solve each part as separate Cæsar cipher problem
• Automated in applet
– http://math.ucsd.edu/~crypto/java/EARLYCIPHERS/Vigenere.html

Establish Period

• Kasiski: repetitions in the ciphertext occur when characters of the key appear over the same characters in the plaintext
• Example: same pattern in the plaintext occurs under the same pattern of key:

key    VIGVIGVIGVIGVIGV
plain  THEBOYHASTHEBALL
cipher OPKWWECIYOPKWIRG

Note the key and plaintext line up over the repetitions (underlined). As distance between repetitions is 9, the period is a factor of 9 (that is, 1, 3, or 9)
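The Vigenère example and the period-finding step above, as an added example that is not part of the original slides. It reproduces the slide's ciphertext, finds the repeated segments and their distance, lists the candidate periods, and splits the ciphertext into the per-key-letter parts that are then solved as separate Cæsar ciphers.

```python
# Added example (not from the slides): Vigenère encryption and the Kasiski
# step for establishing the period.
from functools import reduce
from math import gcd

A = ord("A")


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Apply the Cæsar shift given by each key letter in turn."""
    letters = [c for c in text.upper() if c.isalpha()]
    sign = -1 if decrypt else 1
    out = []
    for i, c in enumerate(letters):
        k = ord(key[i % len(key)].upper()) - A
        out.append(chr((ord(c) - A + sign * k) % 26 + A))
    return "".join(out)


def repeated_segments(ciphertext: str, length: int = 3) -> dict:
    """Segments of `length` letters that occur more than once, with positions."""
    seen = {}
    for i in range(len(ciphertext) - length + 1):
        seen.setdefault(ciphertext[i:i + length], []).append(i)
    return {seg: pos for seg, pos in seen.items() if len(pos) > 1}


def candidate_periods(ciphertext: str, length: int = 3) -> list:
    """Factors of the gcd of all distances between repeated segments."""
    distances = [b - a
                 for pos in repeated_segments(ciphertext, length).values()
                 for a, b in zip(pos, pos[1:])]
    if not distances:
        return []
    g = reduce(gcd, distances)
    return [n for n in range(1, g + 1) if g % n == 0]


def split_by_period(ciphertext: str, n: int) -> list:
    """Part k holds the letters enciphered with key letter k."""
    return [ciphertext[k::n] for k in range(n)]


if __name__ == "__main__":
    ct = vigenere("THE BOY HAS THE BALL", "VIG")
    print(ct)
    print(repeated_segments(ct))
    print(candidate_periods(ct))
    print(split_by_period(ct, 3))
```

Each part returned by `split_by_period` is a plain Cæsar ciphertext; a real message needs far more text than this 16-letter sample before frequency analysis can solve the parts.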

Playfair Cipher

Best-known multiple-letter substitution cipher
Digram cipher (digram to digram, i.e., E(p_i p_{i+1}) = c_i c_{i+1} through key-based 5x5 transformation table)
Great advance over simple mono-alphabetic cipher
– 26 letters → 26x26=676 digrams
Still leaves much of the structure of the plaintext language → relatively easy to break
Can be generalized to polygram cipher

Keyword = monarchy

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Plaintext:  H S E A A R M U
Ciphertext: B P I M R M C M
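The slide gives the keyword table and one plaintext/ciphertext pair but not the substitution rules. The added example below (not from the original slides) applies the standard Playfair rules, which are assumed here: same row takes the letter to the right, same column takes the letter below, otherwise each letter takes the other's column. It reproduces the slide's table and ciphertext.

```python
# Added example (not from the slides): Playfair with the standard rules.
def build_table(keyword: str) -> list:
    """5x5 table: keyword letters first, then the rest of the alphabet (I/J share)."""
    seen = []
    for c in keyword.upper() + "ABCDEFGHIKLMNOPQRSTUVWXYZ":
        c = "I" if c == "J" else c
        if c.isalpha() and c not in seen:
            seen.append(c)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def prepare_pairs(plaintext: str, filler: str = "X") -> list:
    """Split into digrams; a doubled letter or a lone last letter gets a filler."""
    letters = ["I" if c == "J" else c for c in plaintext.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:
            pairs.append((a, filler))
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs


def transform(pairs: list, table: list, step: int) -> str:
    """step=+1 enciphers, step=-1 deciphers."""
    pos = {table[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                               # same row: move along the row
            out += [table[ra][(ca + step) % 5], table[rb][(cb + step) % 5]]
        elif ca == cb:                             # same column: move along it
            out += [table[(ra + step) % 5][ca], table[(rb + step) % 5][cb]]
        else:                                      # rectangle: swap columns
            out += [table[ra][cb], table[rb][ca]]
    return "".join(out)


def encrypt(plaintext: str, keyword: str) -> str:
    return transform(prepare_pairs(plaintext), build_table(keyword), +1)


def decrypt(ciphertext: str, keyword: str) -> str:
    letters = [c for c in ciphertext.upper() if c.isalpha()]
    pairs = list(zip(letters[0::2], letters[1::2]))
    return transform(pairs, build_table(keyword), -1)


if __name__ == "__main__":
    for row in build_table("monarchy"):
        print(" ".join(row))
    print(encrypt("HSEAARMU", "monarchy"))
```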

Rotor Machines

• Each rotor corresponds to a substitution cipher
• A one-rotor machine produces a polyalphabetic cipher with period 26
• Output of each rotor is input to next rotor
• After each symbol, the “fast” rotor is rotated
• After a full rotation, the adjacent rotor is rotated (like odometer)
- An n rotor machine produces a polyalphabetic cipher with period 26^n
• Mechanical cipher machines, extensively used in WWII; Germany (Enigma), Japan (Purple), Sweden (Hagelin)

The basic Enigma was invented in 1918 by Arthur Scherbius in Berlin.

It enciphers a message by performing a number of substitutions one after the other. Scherbius's idea was to achieve these substitutions by electrical connections.

Figure 1 shows just a few of the 26 wires which will give the effect of the substitutions given earlier as a look-up table. For instance there is a wire from Q in the top row to M in the bottom row. Thus an electrical voltage applied to the Q terminal on the top row will appear at the M terminal on the bottom row.

The next idea is that it is not much more difficult to compose substitutions which are to be performed one after the other. The bottom row of terminals can simply be connected to the entry terminals of another set of wires, as in figure 2.

The voltage appearing at the M terminal carries on to the R terminal on the bottom row. Thus the wirings have achieved a 'substitution' first from Q to M and then from M to R.

Suppose the second set of wirings is displaced by 2 letters, as in Figure 3:

In figure 3, an input at letter Q results in a lamp L lighting. Each choice from the 26 possible shifts now gives rise to a completely different substitution alphabet. If the wirings embodying the substitutions are set in wheels, then the shifts are achieved by rotating one wheel against another.

“One-Time pad” -- random key

• A Vigenère cipher with a random key at least as long as the message
– Provably unbreakable
– Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters
– Each key used only once, not very practical
– Warning: keys must be random, or you can attack the cipher by trying to regenerate the key
• Approximations, such as using pseudorandom number generators to generate keys, are not random
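The DXQR argument and the warning about pseudorandom keys, as an added example that is not part of the original slides. `key_for` shows that some key maps the ciphertext to any chosen plaintext; `prng_key` uses Python's seeded `random` module as a stand-in for "a pseudorandom number generator" (an assumption for illustration) and `random_key` draws from the operating system's random source instead.

```python
# Added example (not from the slides): why a one-time pad ciphertext reveals
# nothing, and why a seeded generator is not a source of pad keys.
import itertools
import random
import secrets
import string

ALPHABET = string.ascii_uppercase


def otp_decrypt(ciphertext: str, key: str) -> str:
    """Subtract the key letter from each ciphertext letter (mod 26)."""
    if len(key) < len(ciphertext):
        raise ValueError("pad must be at least as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ciphertext, key))


def key_for(ciphertext: str, plaintext: str) -> str:
    """The unique key that turns `ciphertext` into `plaintext` (key = c - p)."""
    return otp_decrypt(ciphertext, plaintext)


def reachable_plaintexts(ciphertext: str) -> set:
    """Every plaintext obtained by trying every key of the same length."""
    n = len(ciphertext)
    return {otp_decrypt(ciphertext, "".join(k))
            for k in itertools.product(ALPHABET, repeat=n)}


def prng_key(seed: int, length: int) -> str:
    """Key from a seeded generator: anyone who learns the seed regenerates it."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def random_key(length: int) -> str:
    """Key drawn from the operating system's random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    print(key_for("DXQR", "DOIT"), key_for("DXQR", "DONT"))
    # Trying all 26*26 keys on a 2-letter ciphertext yields all 26*26 plaintexts.
    print(len(reachable_plaintexts("DX")))
    # Constructed seed: the same seed always gives the same "pad".
    print(prng_key(2016, 8), prng_key(2016, 8))
```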

Attributes of Strong Encryption

Confusion: relationship between key and ciphertext as complex as possible.

Diffusion: the statistics of the plaintext is "dissipated" in the statistics of the ciphertext. The non-uniformity in the distribution of the individual letters (and pairs of neighbouring letters) in the plaintext should be redistributed in such a way that it is much harder to detect.

Two properties of a secure cipher were identified by Claude Shannon [1945] – Information Theory

[Figure: Relative Frequency of Occurrence of Letters]

Two types of symmetric ciphers

Stream ciphers
– encrypt one bit at a time

Block ciphers
– Break plaintext message in equal-size blocks
– Encrypt each block as a unit

Stream Ciphers

Combine each bit of keystream with bit of plaintext to get bit of ciphertext

m(i) = ith bit of original message
ks(i) = ith bit of keystream
c(i) = ith bit of ciphertext
c(i) = ks(i) ⊕ m(i) (⊕ = exclusive or)
m(i) = ks(i) ⊕ c(i)

[Diagram: key → keystream generator → keystream (pseudo random)]

Example: 1010 ⊕ 1010 = 0000
0000 ⊕ 1101 = 1101

Since ks ⊕ ks = 0000…00 for any ks, therefore
m = ks ⊕ c = ks ⊕ (ks ⊕ m) = (ks ⊕ ks) ⊕ m = m
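The key → keystream generator → XOR pipeline above, as an added example that is not part of the original slides. The generator is a 4-bit linear feedback shift register, chosen here only because it is small enough to trace by hand (an assumption; the slides do not name a generator). It shows the round trip from the derivation, the short keystream period of such a toy generator, and what two ciphertexts under the same keystream give away.

```python
# Added example (not from the slides): a toy stream cipher.
def xor_bits(a: str, b: str) -> str:
    """Bitwise exclusive or of two equal-length bit strings."""
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def _step(state: int):
    """One LFSR step: output the low bit, feed back bit0 XOR bit1 at the top."""
    out = state & 1
    feedback = (state ^ (state >> 1)) & 1
    return out, (state >> 1) | (feedback << 3)


def keystream(key: str, nbits: int) -> str:
    """`nbits` of keystream from a 4-bit key (the register's start state)."""
    state = int(key, 2)
    if len(key) != 4 or state == 0:
        raise ValueError("key must be 4 bits and not all zero")
    bits = []
    for _ in range(nbits):
        out, state = _step(state)
        bits.append(str(out))
    return "".join(bits)


def period(key: str) -> int:
    """Number of steps before the register returns to its start state."""
    start = state = int(key, 2)
    steps = 0
    while True:
        _, state = _step(state)
        steps += 1
        if state == start:
            return steps


def crypt(key: str, bits: str) -> str:
    """c = ks XOR m; the same call decrypts, since ks XOR ks = 0."""
    return xor_bits(keystream(key, len(bits)), bits)


if __name__ == "__main__":
    print(xor_bits("1010", "1010"), xor_bits("0000", "1101"))
    key = "1001"                                  # constructed sample key
    m1, m2 = "1101001110100101", "0110110001011010"   # constructed messages
    c1, c2 = crypt(key, m1), crypt(key, m2)
    print(crypt(key, c1) == m1)                   # round trip
    print(period(key), keystream(key, 30))        # keystream repeats after 15 bits
    # Same keystream used twice: the keystream cancels, leaving m1 XOR m2.
    print(xor_bits(c1, c2) == xor_bits(m1, m2))
```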

Block Cipher

• Divide input bit stream into n-bit sections, encrypt only that section, no dependency/history between sections
• In a good block cipher, each output bit is a function of all n input bits and all k key bits

Example: DES

• Data Encryption Standard (DES)
• Encodes plaintext in 64-bit chunks using a 64-bit key (56 bits + 8 bits parity)
• Uses a combination of diffusion and confusion to achieve security
• Was cracked in 1997
• Parallel attack – exhaustively search key space
• Decryption in DES – it’s symmetric! Use KA again as input and then the same keys except in reverse order

Example: DES (2)

• DES
• 64-bit input is permuted
• 16 stages of identical operation
• differ in the 48-bit key extracted from 56-bit key - complex
• R2 = R1 is encrypted with K1 and XOR’d with L1
• L2 = R1, …
• Final inverse permutation stage
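The round structure on the DES slides (L2 = R1, R2 = L1 XOR f(R1, K1), decryption with the same keys in reverse order) can be shown without DES itself. The added example below is not from the original slides and is not DES: the round function is a truncated SHA-256 and the sixteen 48-bit subkeys are constructed values, both assumptions for illustration, and the initial and final permutations are left out.

```python
# Added example (not from the slides): a 16-round Feistel network on 64-bit
# blocks, showing why reversing the subkey order decrypts.
import hashlib

MASK32 = 0xFFFFFFFF

# Constructed 48-bit subkeys; real DES derives them from the 56-bit key.
SUBKEYS = [(0x1F3D5B79A2C4 * (i + 1)) % (1 << 48) for i in range(16)]


def round_function(half: int, subkey: int) -> int:
    """Toy stand-in for the DES f function: 32 bits in, 32 bits out."""
    data = half.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block: int, subkeys) -> int:
    """Run the rounds in the given subkey order, then swap the halves."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in subkeys:
        # New left is the old right; new right is old left XOR f(old right, k).
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def encrypt(block: int, subkeys) -> int:
    return feistel(block, subkeys)


def decrypt(block: int, subkeys) -> int:
    # Same network, subkeys reversed. f is never inverted, so it need not
    # be an invertible function.
    return feistel(block, list(reversed(subkeys)))


if __name__ == "__main__":
    plaintext = 0x0123456789ABCDEF          # constructed sample block
    ciphertext = encrypt(plaintext, SUBKEYS)
    print(f"{ciphertext:016x}")
    print(f"{decrypt(ciphertext, SUBKEYS):016x}")
```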

Strength of DES – Key Size

56-bit keys have 2^56 = 7.2 x 10^16 values
brute force search looks hard
recent advances have shown it is possible
– in 1997 on Internet in a few months
– in 1998 on dedicated hardware (EFF) in a few days
– in 1999 above combined in 22hrs!

Symmetric key

Both users must have the same secret key
The Key Sharing Problem
n*(n-1)/2 keys needed for complete confidence
Using less than n*(n-1)/2 keys for n people, you lose identification of source

Asymmetric key

Public Key Cryptography
Each user has a pair of complementary keys (one private, one public)
n*2 keys needed (n key pairs)
Public key may be distributed freely
Either key encrypts – Complement needed to decrypt

Page 63: MATH 1020: Chapter 3.2: MATH 1020: Mathematics For Non-science Chapter 3.2: Cryptography 1 Instructor: Dr. Ken Tsang Room E409-R9 Email: kentsang@uic.edu.hk@uic.edu.hk

Public-Key Cryptography


Why Public-Key Cryptography?

• developed to address two key issues:
  – key distribution – how to have secure communications in general without having to trust a KDC with your key
  – digital signatures – how to verify a message comes intact from the claimed sender
• public invention due to Whitfield Diffie & Martin Hellman at Stanford Univ. in 1976
  – known earlier in classified community (1970 James Ellis, “The possibility of non-secret encryption”, British Gov’t)


Public-Key Applications

• can classify uses into 3 categories:
  – encryption/decryption (provide secrecy)
  – digital signatures (provide authentication)
  – key exchange (of session keys)


Security of Public Key Schemes

• like private key schemes brute force exhaustive search attack is always theoretically possible
• but keys used are too large (>512bits)
• security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems
• more generally the hard problem is known, it's just made too hard to do in practice
• requires the use of very large numbers, hence is slow compared to private key schemes


Overview of RSA

• RSA (currently the most widely used public key)
  – Rivest, Shamir, Adleman, 1977
• Z_n
  – Modular operations (the expensive part)
  – A sender looks up the public key of the receiver, and encrypts the message with that key
  – The receiver decrypts the message with his private key
  – Although public key is public information, private key is secret but related to the public key in a special way


Modular Arithmetic

Definition. Let m ≠ 0 be an integer. We say that two integers a and b are congruent modulo m if there is an integer k such that a – b = km, and in this case we write

a ≡ b mod m, or a mod m = b

Properties
• Reflexivity: a ≡ a mod m.
• Symmetry: If a ≡ b mod m, then b ≡ a mod m.
• Transitivity: If a ≡ b mod m and b ≡ c mod m, then a ≡ c mod m.

The relation of congruence modulo m partitions Z into m equivalence classes of the form

[x] = [x]_m = {x + km | k in Z}.

The set of equivalence classes is denoted Z_m = {0, 1, 2, . . . , m − 1}.

For instance, Z_5 = {0, 1, 2, 3, 4}.


More Modular Arithmetic

(ab) mod m = ((a mod m) (b mod m)) mod m
(a+b) mod m = ((a mod m)+(b mod m)) mod m

Example: Prove that an integer is divisible by 3 if the sum of its digits is divisible by 3.


Essence of RSA

• P, C are in Z_n
• n = p * q, where p and q are primes
• c = E_k(m) = m^b mod n
• m = D_k(c) = c^a mod n
  – D(c) = D(E(m)) = D(m^b) = (m^b)^a = m
  – Factoring not necessary for decryption
• The public key is (b,n), everything else is private
• private key is (a,n)


Some relationships

• a is relatively prime to (p-1)(q-1)
• ab ≡ 1 (mod (p-1)(q-1))
• ø(n) = (p-1)(q-1). ø(n) = |{ x < n : gcd(x, n) = 1 }|
  – “all integers less than n that are relatively prime to n”

Let’s check to see if encryption and decryption really are inverse operations.


Checking RSA

• ab ≡ 1 (mod ø(n))
  – “ab is some multiple of ø(n) + 1”
• ab = tø(n) + 1, t >= 1
• (m^b)^a ≡ m^(tø(n) + 1) (mod n)
          ≡ (m^ø(n))^t m (mod n)
          ≡ (1)^t m (mod n) by Euler’s Thm.
          ≡ m (mod n)

DONE


Why RSA Works

Multiplying P by Q is easy: the number of operations depends on the number of bits (number of digits) in P and Q.

For example, multiplying two 384-bit numbers takes approximately 384^2 = 147,456 bit operations


Why RSA Works (2)

• If one knows only n, finding p and q is hard: in essence, the number of operations depends on the value of M.
  – The simplest method for factoring a 768-bit number takes about 2^384 ≈ 3.94 x 10^115 trial divisions.
  – A more sophisticated method takes about 2^85 ≈ 3.87 x 10^25 trial divisions.
  – A still more sophisticated method takes about 2^41 ≈ 219,900,000,000 trial divisions


Why RSA Works (3)

No-one has found a really quick algorithm for factoring a large number M.

No-one has proven that such a quick algorithm doesn’t exist (or even that one is unlikely to exist).

Peter Shor has devised a very fast factoring algorithm for a quantum computer, if anyone manages to build one.


RSA Usage

• to encrypt a message M the sender:
  – obtains public key of recipient KU={e,N}
  – computes: C=M^e mod N, where 0≤M<N
• to decrypt the ciphertext C the owner:
  – uses their private key KR={d,p,q}
  – computes: M=C^d mod N
• note that the message M must be smaller than the modulus N (block if needed)


Bob chooses his public key

• He randomly chooses 17th and 19th primes, 59 and 67, respectively (p = 59, q = 67, pq=3953)
• ø(n) = (58)(66) = 3828 Euler totient number
• Pick a random b, less than 3828 but > 1
  – Let’s try 2669. Will that work? gcd(2669, 3828) = 1
• Now, ab ≡ 1 (mod ø(n))
  – a x 2669 ≡ 1 mod 3828
  – a will exist if gcd(a, ø(n)) = 1


Bob finishes his calculations in making his public key…

• a = b^-1 in Z_n, recall a is the decryption exponent (n=pq=3953)
• a = 1625 (b^-1 = 1625 mod 3828)
• Bob’s private key (a, n) is (1625,3953), so now Bob publishes his public key (b,n) as (2669, 3953)


Alice wants to send Bob a message, m…

• Alice has plaintext 3128 to send. She will send E(m):
  – Alice encrypts with public key (b,n) or (2669,3953)
  – E(m) = 3128^2669 mod 3953 = 3541
• Bob receives the ciphertext 3541:
  – Bob decrypts with private key (a,n) or (1625,3953)
  – 3541^1625 mod 3953 = 3128
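Bob's key setup and Alice's exchange above, as an added Python example that is not part of the original slides: the extended Euclidean algorithm finds a = b^-1 mod ø(n), and square-and-multiply does the modular exponentiation. The function names are this example's own; the numbers are the ones on the slides.

```python
from math import gcd


def egcd(x, y):
    """Extended Euclid: return (g, s, t) with s*x + t*y == g == gcd(x, y)."""
    old_r, r = x, y
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(b, m):
    """Return a with a*b ≡ 1 (mod m); it exists only when gcd(b, m) == 1."""
    g, s, _ = egcd(b, m)
    if g != 1:
        raise ValueError(f"{b} has no inverse modulo {m} (gcd is {g})")
    return s % m


def mod_exp(base, exponent, modulus):
    """Square-and-multiply: one squaring per exponent bit, reduced mod n each step."""
    result = 1
    base %= modulus
    while exponent:
        if exponent & 1:
            result = result * base % modulus
        base = base * base % modulus
        exponent >>= 1
    return result


def make_keys(p, q, b):
    """Return (public, private) = ((b, n), (a, n)) in the slides' notation."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < b < phi or gcd(b, phi) != 1:
        raise ValueError("b must satisfy 1 < b < ø(n) and gcd(b, ø(n)) = 1")
    return (b, n), (mod_inverse(b, phi), n)


def encrypt(m, public):
    b, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n (split into blocks)")
    return mod_exp(m, b, n)


def decrypt(c, private):
    a, n = private
    return mod_exp(c, a, n)


if __name__ == "__main__":
    public, private = make_keys(59, 67, 2669)   # Bob: p = 59, q = 67, b = 2669
    c = encrypt(3128, public)                   # Alice's plaintext
    print(public, private, c, decrypt(c, private))
```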


Prime Numbers

• prime numbers only have divisors of 1 and self
  – they cannot be written as a product of other numbers
  – note: 1 is prime, but is generally not of interest
• eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
• prime numbers are central to number theory
• list of prime numbers less than 200 is:
  2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199


Relatively Prime Numbers & GCD

• two numbers a, b are relatively prime if they have no common divisors apart from 1
  – eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor
• conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers
  – eg. 300=2^1×3^1×5^2 18=2^1×3^2 hence GCD(18,300)=2^1×3^1×5^0=6


Fermat's Theorem

• a^(p-1) mod p = 1
  – where p is prime and gcd(a,p)=1
• also known as Fermat’s Little Theorem
• useful in public key and primality testing


Euler Totient Function ø(n)

• when doing arithmetic modulo n
• complete set of residues is: 0..n-1
• reduced set of residues is those numbers (residues) which are relatively prime to n
  – eg for n=10,
  – complete set of residues is {0,1,2,3,4,5,6,7,8,9}
  – reduced set of residues is {1,3,7,9}
• number of elements in reduced set of residues is called the Euler Totient Function ø(n)


Euler Totient Function ø(n)

• to compute ø(n) need to count number of elements to be excluded
• in general need prime factorization, but
  – for p (p prime) ø(p) = p-1
  – for p.q (p,q prime) ø(p.q) = (p-1)(q-1)
• eg.
  – ø(37) = 36
  – ø(21) = (3–1)×(7–1) = 2×6 = 12


Euler's Theorem

• a generalisation of Fermat's Theorem
• a^ø(n) mod N = 1
  – where gcd(a,N)=1
• eg.
  – a=3;n=10; ø(10)=4;
  – hence 3^4 = 81 = 1 mod 10
  – a=2;n=11; ø(11)=10;
  – hence 2^10 = 1024 = 1 mod 11


Why RSA Works

• because of Euler's Theorem:
• a^ø(n) mod N = 1
  – where gcd(a,N)=1
• in RSA have:
  – N=p.q
  – ø(N)=(p-1)(q-1)
  – carefully chosen e & d to be inverses mod ø(N)
  – hence e.d=1+k.ø(N) for some k
• hence:
  C^d = (M^e)^d = M^(1+k.ø(N)) = M^1.(M^ø(N))^k = M^1.(1)^k = M^1 = M mod N


RSA Example

1. Select primes: p=17 & q=11

2. Compute n = pq =17×11=187

3. Compute ø(n)=(p–1)(q-1)=160

4. Select e : gcd(e,160)=1; choose e=7

5. Determine d: de=1 mod 160 and d < 160. Value is d=23 since 23×7=161= 10×160+1

6. Publish public key ={7,187}

7. Keep secret private key ={23,17,11}


RSA Example cont

• sample RSA encryption/decryption is:
• given message M = 88 (<187)
• encryption:
  C = 88^7 mod 187 = 11
• decryption:
  M = 11^23 mod 187 = 88

Figure 1. Example of RSA Algorithm: plaintext 88 is encrypted with KU = 7, 187 (88^7 mod 187 = 11) to ciphertext 11, which is decrypted with KR = 23, 187 (11^23 mod 187 = 88) back to plaintext 88.


Some notes about a, b, p, & q

• p and q must be large for security
• b, the encryption exponent, does not have to be that large (2^16 – 1 = 65535 is good)
• a, the decryption exponent, needs to be sufficiently large (512 to 2048 bits)
• Having to work with such large numbers, we need to look at some other elements of RSA.


RSA: Component Operations

• Exponentiation
  – We need to do it fast
• Factorization
  – Believed to be difficult (security is here)
• Finding prime numbers and testing primality
  – Rabin Miller test
  – New polynomial time algorithm
    http://mathworld.wolfram.com/news/2002-08-07_primetest/


DES vs. RSA

• RSA is about 1500 times slower than DES
  – Exponentiation and modulus
• Generation of numbers used in RSA can take time


Key Distribution

• The hard problem for symmetric (secret) key ciphers
• Transmitting a private key on an insecure channel
  – Asymmetric system solves problem


4 Requirements of Security

• Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
• Authentication: Sender, receiver want to confirm identity of each other.
• Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this message.


Authentication

• Authentication can be defined as determining the identity of a message sender or access control.
• Access control: Office workers bear identity card or ATM Card with a PIN is required for bank transaction.
• Asymmetric keys can be used for non-repudiation and sender authentication; if the receiver can obtain the session key encrypted with the sender's private key, then only this sender could have sent the message.


Digital signature

A digital signature is a cryptographic means through which identity of the sender, the time and date a document was sent, …, may be verified.

The digital signature of a document is a piece of information based on both the document and the signer's private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signer's private key), but there are other methods.


In a typical RSA digital signature process, the private key is used to encrypt only the message digest. The encrypted message digest becomes the digital signature and is attached to the original data.


Public-key cryptography could be used to encrypt messages although this is rarely done because secret-key cryptography operates about 1000 times faster than public-key cryptography.

Sample application of the three cryptographic techniques for secure communication.


Authentication & Integrity

To verify the contents of digitally signed data, the recipient generates a new message digest from the data that was received, decrypts the original message digest with the originator's public key, and compares the decrypted digest with the newly generated digest. If the two digests match, the integrity of the message is verified.

The identity of the originator also is confirmed because the public key can decrypt only data that has been encrypted with the corresponding private key.
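The sign-and-verify flow described above, as an added Python example that is not part of the original slides: the originator signs a SHA-256 digest with the private exponent, and the recipient recomputes the digest and compares it with the one recovered using the public key. The two Mersenne primes, the exponent 65537, the sample messages and the function names are assumptions of this example, and the bare digest is signed without the padding a deployed signature scheme adds.

```python
import hashlib

# Constructed demo key: two known Mersenne primes (far too small for real use).
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537                                  # public exponent (assumed for this demo)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent: E*D ≡ 1 mod ø(N)


def digest_as_int(message: bytes) -> int:
    """SHA-256 digest truncated to 128 bits so it is always smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Originator: 'encrypt' the message digest with the private key."""
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient: recompute the digest, recover the signed digest with the
    public key, and compare the two."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message)


if __name__ == "__main__":
    original = b"Pay Bob 100 dollars"      # constructed sample message
    sig = sign(original)
    print("intact message   :", verify(original, sig))
    print("altered message  :", verify(b"Pay Bob 900 dollars", sig))
    print("altered signature:", verify(original, (sig + 1) % N))
```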


Digital Signatures are the electronic world's equivalent to a handwritten signature. A Digital Signature provides the following functions to the cryptographer:

* Authentication
* Data Integrity
* Non Repudiation


Assignments

1. Perform encryption and decryption using RSA algorithm, as in Figure 1, for the following:

① p = 3; q = 11, e = 7; M = 5

② p = 5; q = 11, e = 3; M = 9

2. In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is e = 5, n = 35. What is the plaintext M?


Example

In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is (5, 35). What is the plaintext M?

The strength of RSA depends on the difficulty of factorizing a large number into its prime factors. For a small public key it is easy to crack.

N=35, p=3, q=5
t=2*4=12
e=5, (1+k*12)=(1, 13, 25, 37, 49, …), d=5
Ans: M = 5 since 10^5 mod 35 = 5
Check: 5^5 mod 35 = 10
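The intercepted-ciphertext exercise above, worked in Python as an added example that is not part of the original slides: once trial division factors the public modulus, the private exponent follows directly, which is why the size of the modulus is the security parameter. The function names are this example's own; trial division gives 35 = 5 × 7 and ø(35) = 24, and these lead to the same d = 5 and M = 5.

```python
from math import isqrt


def factor_semiprime(n):
    """Trial division up to sqrt(n); returns (p, q, divisions_tried)."""
    tried = 0
    for candidate in range(2, isqrt(n) + 1):
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
    raise ValueError(f"{n} has no non-trivial factor")


def recover_private_exponent(e, n):
    """Rebuild d from the public key alone once n has been factored."""
    p, q, _ = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1))


def recover_plaintext(c, e, n):
    return pow(c, recover_private_exponent(e, n), n)


def worst_case_divisions(bits):
    """Upper bound on trial divisions for a modulus of the given bit length."""
    return 2 ** (bits // 2)


if __name__ == "__main__":
    print(recover_plaintext(10, 5, 35))          # the exercise: C = 10, key (5, 35)
    print(recover_private_exponent(2669, 3953))  # Bob's key from the earlier slides
    for bits in (12, 64, 768):
        print(bits, "bit modulus: up to about", worst_case_divisions(bits), "divisions")
```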